What is GDPR and how will it affect your marketing?

on Monday, 01 January 2018

The EU's General Data Protection Regulation (GDPR) will be coming into place in 2018. While it may seem to many like a very confusing concept; this article is here to provide you with a brief outline of what it is, and how it may affect your marketing.

Essentially, the GDPR is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now being used. The new regulation was adopted by both the European Parliament and the European Council in April 2016. While the UK currently relies on the 1998 Data Protection Act, this will now be replaced by the GDPR.

In simple terms, the GDPR will...

Initiate harsher fines for breaches and non-compliance

Give people more say over what businesses can do with their data

Will make data protection rules pretty much the same throughout the EU – intended to ‘harmonise’ data privacy laws across Europe

Regarding your business, here are some larger changes that you may need to prepare for:

Accountability and compliance

Businesses covered by the GDPR will be more accountable for their handling of personal information. This may include the implementation of data protection policies, having relevant documents on how data is processed, and undertaking data protection impact assessments. Along with this, they’ll also be a requirement for businesses to obtain consent to process data in some situations.

Access to data

The GDPR also gives individuals a lot more power to access information that is held about them, meaning requests for personal data can be made for free. GDPR also gives power to individuals if they wish to have their personal data erased, under certain circumstances.

Fines

The GDPR grants greater power to regulators, allowing them to fine businesses that don't comply with GDPR protocol. For instance, this may occur if a business fails to process an individual's data correctly, if there’s a security breach, or if it requires and does not have a data protection officer.

Changes to the meaning of personal data

Under the GDPR, the EU’s definition of personal data has been expanded. The definition now includes online identifiers such as IP addresses, aiming to reflect the types of data organisations now collect about people. Other data, such as cultural, economic, or mental health information are also going to be classed as personally identifiable information.

Finally, many businesses have raised questions over the matter of Brexit. To put these concerns to bed, while the UK is indeed leaving the EU, the UK government has not yet triggered Article 50. This means that the GDPR will take effect before the legal consequences of the Brexit vote, meaning the UK must still comply for the time being. Simple (for now).

If you would like any further advice on marketing for yourself or your business, then contact Shamshad directly on Shamshad@shamshadwalker.co.uk or call 0115 880 0247